diff options
| author | Michael Kubacki <michael.kubacki@microsoft.com> | 2021-09-09 11:46:01 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2021-09-16 01:51:36 +0000 |
| commit | c19d18136ef920e3e84f961e2a335a41147adcb8 (patch) | |
| tree | 07a8135f4cf503fea915c60d110236b4c7355100 /MdeModulePkg | |
| parent | 6f501a7c9bb196ce1ad9dd5b0024974d1b6784be (diff) | |
| download | edk2-c19d18136ef920e3e84f961e2a335a41147adcb8.tar.gz edk2-c19d18136ef920e3e84f961e2a335a41147adcb8.tar.bz2 edk2-c19d18136ef920e3e84f961e2a335a41147adcb8.zip | |
MdeModulePkg/Core/Pei: Fix pointer size mismatch in EvacuateTempRam()
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3512
In 32-bit PEI, the local variable pointers MigratedFvHeader and
RawDataFvHeader in EvacuateTempRam() will be 32-bit in size. The
pointers are currently passed to PeiServicesAllocatePages() which
expects a 64-bit output buffer of type EFI_PHYSICAL_ADDRESS.
When PeiServicesAllocatePages() writes to the buffer, the data
can overflow.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Diffstat (limited to 'MdeModulePkg')
| -rw-r--r-- | MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c index a050a6ed96..f6bb906f38 100644 --- a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c +++ b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c @@ -1135,6 +1135,7 @@ EvacuateTempRam ( volatile UINTN FvIndex;
volatile UINTN FvChildIndex;
UINTN ChildFvOffset;
+ EFI_PHYSICAL_ADDRESS FvHeaderAddress;
EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
EFI_FIRMWARE_VOLUME_HEADER *ChildFvHeader;
EFI_FIRMWARE_VOLUME_HEADER *MigratedFvHeader;
@@ -1186,9 +1187,10 @@ EvacuateTempRam ( Status = PeiServicesAllocatePages (
EfiBootServicesCode,
EFI_SIZE_TO_PAGES ((UINTN) FvHeader->FvLength),
- (EFI_PHYSICAL_ADDRESS *) &MigratedFvHeader
+ &FvHeaderAddress
);
ASSERT_EFI_ERROR (Status);
+ MigratedFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvHeaderAddress;
//
// Allocate pool to save the raw PEIMs, which is used to keep consistent context across
@@ -1197,9 +1199,10 @@ EvacuateTempRam ( Status = PeiServicesAllocatePages (
EfiBootServicesCode,
EFI_SIZE_TO_PAGES ((UINTN) FvHeader->FvLength),
- (EFI_PHYSICAL_ADDRESS *) &RawDataFvHeader
+ &FvHeaderAddress
);
ASSERT_EFI_ERROR (Status);
+ RawDataFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvHeaderAddress;
DEBUG ((
DEBUG_VERBOSE,
|